Noted hacker Tihmstar has released the Prometheus tool that you can use to upgrade or downgrade to unsigned iOS firmware versions. You can download the Prometheus files using this link. Remember that it is not a single tool, instead it’s a set of tools including nonceEnabler, futurerestore, and img4tool. You can use it only if you have your SHSH2 blobs save for the iOS firmware you want to upgrade or downgrade to.
You can’t use Prometheus if you have not saved the SHSH2 blobs
If you don’t already have the SHSH2 blobs saved for the unsigned iOS version, you are out of luck because Apple has closed the signing window. If you have the SHSH2 blobs saved, you can upgrade/downgrade iOS 9.x to 9.x or iOS 10.x to 10.x or even iOS 9.x to 10.x. But downgrade from iOS 10.x to 9.x is not possible.
Tihmstar pointed out that Prometheus works only on 64-bit devices. Support for the iPhone 7 and iPhone 7 Plus “may be iffy.” Also, the tool is available on Mac only at this point, though Tihmstar plans to roll out Windows and Linux versions soon.
Two ways to upgrade/downgrade unsigned iOS firmware
Prometheus can be used in two ways depending on whether your device is jailbroken. The first method requires a jailbreak and SHSH2 blobs saved with a generator. It is faster and more reliable. This method uses nonceEnabler and futurerestore together. The second method, which uses only futurerestore, does not require a jailbreak. This requires the SHSH2 blobs saved with a specific nonce and no generator.
There has been a lot of confusion regarding how to follow the upgrade/downgrade process. Tihmstar has created two videos detailing the process, and you may have to follow instructions in both of them depending on whether or not your device is jailbroken. To make things a little easier, below are the two steps to complete the process. If your iOS device is jailbroken, and have the blobs saved with a generator, follow both steps. But if you are attempting it without a jailbreak, but have the blobs saved with the five nonces Tihmstar made public, go to the second step.
The first video details how you can use your jailbroken device to set a specific nonce. Once you manually set the specific nonce, it would match the generator in the SHSH2 blobs saved and the restore would be accepted without any issues. Watch this video to see how to set the nonce with nonceEnabler. Once the device goes into recovery mode, jump to the second step.
The second video outlines how to restore an unsigned iOS firmware using the futurerestore tool of Prometheus. Those coming here from the first step need to follow the instructions up to six minutes. Just ignore the nonce collision method because that is for people whose devices aren’t jailbroken.
If you have a non-jailbroken device, follow the complete video. The nonce collision method is a little less reliable and may take several minutes.